Encode scope in secondary keys for cross-scope isolation #47
Merged
Secondary index iteration via kv_idx_* intrinsics was leaking entries across scopes because sec_key had no scope discriminator. Fix by prepending [scope:8B BE] to secondary keys and shrinking pri_key from [scope:8B][pk:8B] to [pk:8B] (scope is now in sec_key).

Changes:
- encode_scoped_secondary: prepend scope to all secondary key types
- Fast-path overloads for uint64_t, uint128_t, and double
- operator-- end-sentinel: size max_sec buffer from sizeof(secondary_key_type)
- static_assert that sizeof matches pack_size for secondary types
- check_scope validates scope prefix on every iterator advance
- Update docs (intrinsics reference, storage guide)
- Add cross-scope isolation tests (CDT unit + integration)
…_view Make datastream<size_t> constexpr-friendly: add constexpr to constructor, skip, write, tellp. Make primitive operator<< and pack_size constexpr, using if-constexpr to avoid reinterpret_cast in the size-counting path. Replace the pack_size-based static_assert with std::is_trivially_copyable which is constexpr for all secondary key types including checksum256.
The mi_scope_tests contract's row struct lacked the [[sysio::table]] attribute, so CDT's ABI generator emitted the scopetbl table entry without the corresponding row type definition. This caused set_abi to fail with "invalid_type_inside_abi: row" in integration tests.
brianjohnson5972
approved these changes
Apr 6, 2026
Summary
- `kv_idx_find_secondary` and `kv_idx_lower_bound` have no scope parameter, so secondary index iteration returned entries from ALL scopes within a contract, breaking `multi_index` scope isolation.
- `kv_multi_index` now prepends `[scope:8B BE]` to secondary keys and stores `pri_key` as `[pk:8B]` (was `[scope:8B][pk:8B]`). Scope isolation is enforced at the key encoding level.
- `encode_scoped_secondary` overloads for `uint64_t`, `uint128_t`, and `double`
- `operator--` end-sentinel sizes `max_sec` buffer from `sizeof(secondary_key_type)` with `static_assert` guard

Depends on: Wire-Network/wire-sysio#284 (chain-side changes)
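The key layout change described in the summary, as an added example that is not code from this pull request or from CDT. An ordered in-memory multimap stands in for the secondary index store; the function names, the stop-on-prefix-mismatch behaviour and the sample rows are assumptions constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <string>
#include <vector>
// Illustrative model: an ordered multimap stands in for the secondary index
// store. All names here are hypothetical, not CDT's API.
using Bytes = std::string;                     // ordered byte-wise, as unsigned
using Index = std::multimap<Bytes, uint64_t>;  // sec_key -> primary key
// Append v as 8 big-endian bytes so byte order matches numeric order.
static void put_be64(Bytes& out, uint64_t v) {
    for (int s = 56; s >= 0; s -= 8) out.push_back(static_cast<char>(v >> s));
}
// Old layout: sec_key = [secondary:8B], no scope discriminator.
Bytes encode_unscoped(uint64_t sec) { Bytes k; put_be64(k, sec); return k; }
// New layout: sec_key = [scope:8B BE][secondary:8B].
Bytes encode_scoped(uint64_t scope, uint64_t sec) {
    Bytes k; put_be64(k, scope); put_be64(k, sec); return k;
}
// Constructed sample rows: {scope, secondary, pk}.
Index build(bool scoped) {
    const uint64_t rows[][3] = {{1, 10, 100}, {1, 20, 101}, {2, 15, 200}, {2, 30, 201}};
    Index idx;
    for (auto& r : rows)
        idx.emplace(scoped ? encode_scoped(r[0], r[1]) : encode_unscoped(r[1]), r[2]);
    return idx;
}
// Old behaviour: lower_bound then advance; nothing in the key ends the walk.
std::vector<uint64_t> scan_unscoped(const Index& idx, uint64_t from) {
    std::vector<uint64_t> pks;
    for (auto it = idx.lower_bound(encode_unscoped(from)); it != idx.end(); ++it)
        pks.push_back(it->second);
    return pks;
}
// New behaviour: same walk, but every step re-checks the 8-byte scope prefix.
std::vector<uint64_t> scan_scoped(const Index& idx, uint64_t scope, uint64_t from) {
    const Bytes start = encode_scoped(scope, from);
    std::vector<uint64_t> pks;
    for (auto it = idx.lower_bound(start); it != idx.end(); ++it) {
        if (it->first.compare(0, 8, start, 0, 8) != 0) break;  // crossed into another scope
        pks.push_back(it->second);
    }
    return pks;
}
int main() {
    for (uint64_t pk : scan_unscoped(build(false), 10)) std::printf("unscoped pk=%llu\n", (unsigned long long)pk);
    for (uint64_t pk : scan_scoped(build(true), 1, 10)) std::printf("scoped pk=%llu\n", (unsigned long long)pk);
}
```

Starting the scoped walk at secondary 25 in scope 1 lands `lower_bound` on scope 2's first entry, which is why the prefix is re-checked on every step rather than only at the start.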